elie-el-masry
Zone Auditing
1: Log in as a user whose role has the solaris.admin.edit/etc/syslog.conf authorization assigned to it.
“root”
2: Use the pfedit or vi command to edit the /etc/syslog.conf file, adding or changing message sources, priorities, and message locations according to the syntax described in syslog.conf(4).
$ pfedit /etc/syslog.conf
3: The editor shown below opens so that you can add the required auditing procedures.
In red you will find an example that audits successful and unsuccessful user authentication attempts and copies the logs to /var/adm/authlog; this file must be created beforehand. We can use this scenario for testing. In our case we replace that file with @arcsight-server-ipaddress.
4: Save after finishing the adjustment.
5: Restart system log service.
# svcadm restart system-log
6: Below are the entries that need to be added, similar to the Linux commands sent before.
PS: the spaces are TABs.
### General Logging
#*.info;*.notice /log/all.info
#*.warning /log/all.warning
#*.debug /log/all.debug
*.err;*.crit;*.emerg /log/all.err
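
A pre-restart check for the points this procedure depends on, as an added example that is not part of the original document: it flags entries whose selector and action are separated by spaces instead of a TAB, priority names that are not listed in syslog.conf(4), and local log files that have not been created yet. The function names, the scratch directory and the sample entries are constructed for illustration, and a POSIX awk is assumed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes a POSIX awk.
tab=$(printf '\t')

lint_syslog_conf() {   # $1 = syslog.conf to check; findings go to stdout
    awk '
    BEGIN {
        n = split("emerg alert crit err warning notice info debug none", p, " ")
        for (i = 1; i <= n; i++) known[p[i]] = 1
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
    index($0, "\t") == 0 {                   # spaces only: no action field found
        printf "E\t%d\tno TAB between selector and action\n", NR
        next
    }
    {
        sel = $0; sub(/\t.*/, "", sel)       # selector: text before the first TAB
        act = $0; sub(/^[^\t]*\t+/, "", act) # action: text after the TAB run
        m = split(sel, parts, ";")
        for (i = 1; i <= m; i++)
            if (split(parts[i], fp, ".") != 2 || !(fp[2] in known))
                printf "E\t%d\tunknown priority in %s\n", NR, parts[i]
        if (act ~ /^\//) printf "F\t%d\t%s\n", NR, act   # local log file
    }' "$1" |
    while IFS="$tab" read -r kind line rest; do
        case $kind in
            F) [ -e "$rest" ] || echo "line $line: log file $rest does not exist" ;;
            *) echo "line $line: $rest" ;;
        esac
    done
}

write_sample() {   # $1 = scratch directory; writes constructed sample entries
    : > "$1/authlog"                         # log file created beforehand
    {
        printf '# constructed sample entries\n'
        printf 'auth.info\t%s/authlog\n' "$1"
        printf 'auth.info\t@arcsight-server-ipaddress\n'
        printf '*.warning    %s/all.warning\n' "$1"
        printf '*.info;*.notoice\t%s/all.info\n' "$1"
    } > "$1/syslog.conf"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
lint_syslog_conf "$demo_dir/syslog.conf"
rm -rf "$demo_dir"
```

Run it against a copy of /etc/syslog.conf before step 5; entries that forward to a remote host (`@...`) or use m4 `ifdef` actions are not checked for a file.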